Solutions firm Okta probes an alleged data breach claimed by the Lapsus$ group


The Lapsus$ group has recently announced another attack, this time involving Okta, a leading Identity and Access Management (IAM) solutions and authentication services firm. The threat group has allegedly infiltrated the firm’s customer data and leaked it on its Telegram channel, with some screenshots as proof.

Based in San Francisco, USA, Okta employs over 5,000 people worldwide. The solutions firm also serves large firms from various sectors, such as Starling Bank and Siemens.


The alleged data breach against Okta shows that the Lapsus$ threat group was able to gain ‘superuser/admin access’ on the solutions firm’s official website. Through this access, the group reached the firm’s customer data.


Moreover, cybersecurity experts who analysed the screenshots posted by the threat group found that the system date shown in them was January 21 of this year, which suggests that the data breach may have been carried out a couple of months ago.

The solutions firm is already aware of the data breach issue and is now probing the incident. The company will share more updates once it has gathered more information.

Before the Okta incident, the same threat group, Lapsus$, also claimed a separate data breach of Microsoft’s internal Azure DevOps server. The group leaked about 37GB of source code stolen from the tech firm, including several Microsoft projects like Bing and Cortana.

Moreover, the electronics company LG Electronics has also allegedly suffered a data breach carried out by Lapsus$. This incident, however, has yet to be confirmed by analysts.

Other confirmed data breach incidents from the Lapsus$ threat group’s operations this year include NVIDIA, Samsung, and Mercado Libre, which have lost a considerable amount of proprietary data to the threat group.

As of now, the extent of the data breach in Okta’s systems has not yet been completely investigated. The leak of some of the firm’s data shows how the Lapsus$ threat group usually operates: it leaks its victims’ data to the public if its ransom requests are declined.
